Re: Debian mirrors and MITM

On Sat, May 31, 2014 at 12:11:28AM +1000, Alfie John wrote:
> On Sat, May 31, 2014, at 12:06 AM, micah anderson wrote:
> >         . keeps an adversary who may be listening on the wire from
> >           looking at what you are installing. who cares what you are
> >           installing? well it turns out that is very interesting
> >           information. If you can see that I've just installed X
> >           package, and you then just look over at our security tracker
> >           and find that this package has an exploit...
>
> It's only metadata, so who cares right? Only kidding. This is a totally
> legitimate scenario which I didn't think of. Nice.

So your solution to adding privacy is to make sure that every Debian system checks in with Debian directly rather than using a distributed infrastructure? I'd suggest looking at apt-transport-tor instead.

Mike Stone

